Every write funnels through one enforcement point with policies, role-tiered permissions, approval queues, and a complete audit trail. Letting an agent touch your CRM should make it safer, not riskier.
Move Acme to Closed won and update the owner.
Stage change is allowed and applied. The owner change needs an admin approvalby policy — I’ve queued it.
One enforcement chokepoint: policy, write-scope, and approval — then the audit log.
The instinctive worry about an AI-native CRM is the right one: what stops it writing the wrong thing, or letting the wrong person see too much? An agent without guardrails is a liability. The answer isn't to keep humans typing into forms forever — it's to put real governance around the agent so every change is permitted, reviewable, and recorded.
Per-workspace policies decide what each role may do — allow, deny, or require approval — by tool, object, or globally. The default is exactly today's behavior until you tighten it.
Sensitive changes are captured into a queue instead of being written. An admin reviews and releases them; nothing slips past the boundary.
Every read and write flows through one chokepoint and lands in an immutable audit log. You can always answer who changed what, when, and why.
See your own data running in Capable inside a week. No migration project, no data-entry tax — just a record you can trust.